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EXAMINER'S ANSWER 



This is in response to the appeal brief filed 12/18/2008 appealing from the Office action 
mailed 11/23/2008. 
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(1) Real Party Interest 

A statement of identifying by name the real party interest is contained in the brief. 

(2) Related Appeals and Interferences 

The examiner is not aware of any related appeals, interferences, or judicial proceedings which 
will directly affect or be directly affected by or have a bearing on the Board's decision in the pending 
appeal. 

(3) Status of Claims 

The statement of the status of claims contained in the brief is correct. 

(4) Status of Amendments After Final 

The appellant's statement of the status of amendments after final rejection contained in the brief 
is correct. 

(5) Summary of Claimed Subject Matter 

The summary of claimed subject matter contained in the brief is correct. 

(6) Grounds of Rejection to be Reviewed on Appeal 

The appellant's statement of the grounds of rejection to be reviewed on appeal is partly correct. 
Examiner has added a new ground of rejection under 35 USC § 101 with respect to claims 1 and 17 
approved by the TC 2400 Director. 
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(7) Claims Appendix 

The copy of the appealed claims contained in the Appendix to the brief is correct. 

(8) Evidence Relied Upon 

6,275,824 O'Flaherty et al. 8-2001 

6,578,037 Wong et al. 6-2003 

(9) Grounds of Rejection 

The following ground(s) of rejection are applicable to the appealed claims: 

Claim Rejections - 35 USC § 101 
1. 35 U.S.C. 101 reads as follows: 

Whoever invents or discovers any new and useful process, machine, manufacture, or composition of 
matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the 
conditions and requirements of this title. 

Claim 1 and 17 are rejected under 35 U.S.C. 101 based on Supreme Court precedent and recent 
Federal Circuit decisions, a 35 U.S.C § 101 process must (1) be tied to a particular machine or (2) 
transform underlying subject matter (such as an article or materials) to a different state or thing. In re 
Bilski et al, 88 USPQ 2d 1385 CAFC (2008); Diamond v. Diehr, 450 U.S. 175, 184 (1981); Parker v. 
Flook, 437 U.S. 584, 588 n.9 (1978); Gottschalk v. Benson, 409 U.S. 63, 70 (1972); Cochrane v. Deener, 
94 U.S. 780,787-88(1876). 

The data security system and the method for providing data security recited in claims 1 and 17 
are not tied to a particular machine . An example of a method claim that would not qualify as a statutory 
process would be a claim that recited purely mental steps. Thus, to qualify as a § 101 statutory process, 
the claim should positively recite the particular machine to which it is tied, for example by identifying the 
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apparatus that accomplishes the method steps, or positively recite the subject matter that is being 
transformed, for example by identifying the material that is being changed to a different state. 

Here, applicant's method steps are not tied to a particular machine and do not perform a 
transformation. Thus, the claim is non-statutory. 

The mere recitation of the machine in the preamble with an absence of a machine in the body of 
the claim fails to make the claim statutory under 35 (JSC 101 . Note the Board of Patent Appeals 
Informative Opinion Ex parte Langemyer et al. 

Claim Rejections - 35 USC §103 
2. The following is a quotation of 35 U.S.C. 1 03(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

Claims 1-21 are rejected under 35 U.S.C. 103(a) as being unpatentable over O'Flaherty et al. (US 
6,275,824 B1 - " O'Flaherty ") in view of Wong et al. (US 6,578,037 B1 - " Wong ") 

As per Claim 1 , O'Flaherty teaches, 

A data security system [see abstract], comprising: an implicit clearance system [see FIG. 6; 
STANDARD VIEW 260 - ROUTINE DSS APPLICATIONS 110 A in FIG.2A; and for example, col.8, lines 
1 6-45, "The standard view 260 will not present personal data unless either the flag in column 224 
(indicating that the personal information and identifying information can be disseminated) or 226 
(indicating that personal information can only be disseminated anonymously) is activated. Hence, the 
standard view 260 selectively masks personal data from view unless the consumer has had the 
appropriate flags set to the proper value..."]; 

an explicit clearance system [see FIG.5; METADATA MONITORING EXTENSIONS 114 in FIG.1 
& FIG.5; ACCESS LOG 402 in FIG.4; and for example, col.4, lines 37-60, "....all access to the data 
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stored in the extended database 106 is provided solely through the dataview suite 108... third party 
applications 112 have access only to such data as permitted by the database view provided. . . 
limiting access to the data stored in the extended database 106 to access provided by the privacy 
dataview suite 108 for purposes of (1) implementing privacy rules provides the capability to make the 
personal data anonymous ... (2) to restrict access to opted-out columns, which can apply to all personal 
data, separate categories of personal data, or individual data columns, and (3) to exclude entire rows 
(customer records) for opt-out purposes based on customer opt-outs ..."]; 

a field level clearance system [see FIG.8; PRIVILEGED VIEW 262 - PRIVILEGED 
APPLIACTIONS 110B in FIG.2A; and for example, col.8, line 46 to col.9, line 14, "The privileged view 
262 permits viewing, analysis, and alteration of all information. The privileged view 262 will be supplied 
only to privileged ...and to those applications which handle privacy related functions ...example, the client 
interface module 212, which is used to view, specify, and change consumer privacy preferences, is a 
privileged application. Appropriate security measures are undertaken to assure that the privileged 
applications are suitably identified as such, and to prevent privileged view 262 access by any entity that is 
not so authorized..."]; and 

a data anonimization system [see FIG.7; ANONYMIZING VIEW - ANALYTICAL 
APPLICATIONS 110C in FIG.2A; and for example, col.9, lines 15-54, "The anonymizing view 264 
permits the viewing and analysis of personal information, but screens the information stored in the identity 
information portion 204 from view or analysis unless the flag in the column 224 ...is selected... permit data 
mining and ad-hoc queries. If the consumer permits, this information may also be provided to third party 
applications 112..."]. 

O'Flaherty teaches an explicit, implicit and field of clearance; but fails to teach wherein each 
system consists of an administrator configuration. However, in the same filed of endeavor, Wong 
discloses explicit, implicit and field of clearance systems consists of an administrator configuration [see 
FIG.1 - where Wong discloses Database Management System 100 as an administrator configuration, 
including Database Schema Object 104, Policy Group, Attribute, etc; and for example, col. 4, lines 25- 
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47]. Therefore, it would have been obvious to a person having ordinary skill in the art, at the time of 
Applicants' invention was made, to modify the system of O'Flaherty by incorporating the teaching of 
Wong in order to enhance the technique for controlling access to data in a database system. The 
modification implements a mechanism of accessing to database that is restricted based on security policy 
groups selected for the user [see at least abstract of Wong]. 

As per Claim 12 , O'Flaherty-Wong combination teaches, 

A program product stored on a recordable medium for providing data security, the program 
product comprising: means for selectively requiring a user to have explicit permission in order to access a 
set of data [see FIG.5; METADATA MONITORING EXTENSIONS 114 in FIG. 1; ACCESS LOG 402 in 
FIG.4; and for example, col. 4, lines 37-60 of O'Flaherty]; 

means for requiring the user to meet any one of a set of implicit conditions in order access the set 
of data [see FIG.6; STANDARD VIEW 260 - ROUTINE DSS APPLICATIONS 110 A in FIG.2A; and for 
example, col. 8, lines 16-45 of O'Flaherty]; 

means for limiting access to data records by restricting the user to a predefined view [see FIG. 8; 
PRIVILEGED VIEW 262 - PRIVILEGED APPLIACTIONS 110B in FIG.2A of O'Flaherty]; and for 
example, col. 8, line 46 to col. 9, line 14, wherein the predefined view displays a predetermined set of data 
fields from the data records [see CUSTOMER TABLES in FIGS.2A-3C of O'Flaherty]; 

wherein the means for selectively requiring a user to have explicit permissions, the means for 
requiring the user to meet any one of a set of implicit conditions, and the means for limiting access to data 
records by restricting the user to a predefined view [see FIGS.1 , 2A-3C, 4 and 8 of O'Flaherty] consists 
of an administrator configuration [see FIG.1 - where Wong discloses Database Management System 
100 as an administrator configuration; and for example, col. 4, lines 25-47]; and means for replacing a 
data element in a data record with a unique identifier in order to create an anonymous data record [see 
FIG. 7; ANONYMIZING VIEW - ANALYTICAL APPLICATIONS 110C in FIG.2A; and for example, col. 9, 
lines 15-54 of O'Flaherty]. 
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As per Claim 17 , O'Flaherty-Wong combination teaches, 

A method for providing data security, comprising: selectively replacing data elements in data 
records with unique identifiers as the data records are being stored in a data warehouse in order to create 
anonymous data records [see FIG.7; ANONYMIZING VIEW - ANALYTICAL APPLICATIONS 110C in 
FIG.2A; and for example, col. 9, lines 15-54 of O'Flaherty]; 

selectively requiring a user to have explicit permission in order to access a set of the data records 
[see FIG.5; METADATA MONITORING EXTENSIONS 114 in FIG.1; ACCESS LOG 402 in FIG.4; and for 
example, col.4, lines 37-60 of O'Flaherty] consisting of an administrator configuration [see FIG.1 - where 
Wong discloses Database Management System 100 as an administrator configuration; and for 
example, col.4, lines 25-47]; 

requiring the user to meet any one of a set of implicit conditions consisting of an administrator 
configuration [see FIG.1 - where Wong discloses Database Management System 100 as an 
administrator configuration; and for example, col.4, lines 25-47], in order access the set of the data 
records if explicit clearance is not required [see FIG.6; STANDARD VIEW 260 - ROUTINE DSS 
APPLICATIONS 110 A in FIG.2A; and for example, col.8, lines 16-45 of O'Flaherty]; and limiting access 
to data records by restricting the user to a predefined view [see FIG. 8; PRIVILEGED VIEW 262 - 
PRIVILEGED APPLIACTIONS 110B in FIG.2A; and for example, col.8, line 46 to col.9, line 14 of 
O'Flaherty] consisting of an administrator configuration [see FIG.1 - where Wong discloses Database 
Management System 100 as an administrator configuration; and for example, col.4, lines 25-47], 
wherein the predefined view displays a predetermined set of data fields from the data records [see 
CUSTOMER TABLES in FIGS.2A-3C of O'Flaherty]. 

As per Claim 2 , O'Flaherty-Wong combination teaches, 

wherein the implicit clearance system comprises a mechanism for setting up a plurality of filters 
for a set of data [see FIGS.2A-3C - where O'Flaherty discloses plurality of filters 210, 212, SECURITY 
INFORMATION - CAT1, CAT2, CAT3 of O'Flaherty], and wherein a user is granted permission to the 
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set of data if the user meets a condition of at least one filter [see for example, col. 2, lines 57-67 of 
O'Flaherty]. 

As per Claim 3 , O'Flaherty-Wong combination teaches, 

wherein the set of data is selected from the group consisting of: a row of data [see EXTENDED- 
RULES-TRUSTED-ANONYMIZED DATABASE in FIGS.1 , 9 and 10 of O'Flaherty], a data table [see 
CUSTOMER TABLES in FIGS.2A-3C], and a data field [see CUSTOMER BASE TABLES in FIG.1 1 of 
O'Flaherty]. 

Claim 6 is rejected for the same reasons applied to the rejection of Claim 3. 
As per Claim 4 , O'Flaherty-Wong combination teaches, 

wherein the implicit clearance system comprises a table for each filter, wherein each table lists all 
user ID's that meet the condition of an associated filter [see CUSTOMER TABLES in FIGS.2A-3C - 
where O'Flaherty discloses ID's; e.g., ACCT NO. associated with filters 210, 212, SECURITY 
INFORMATION -CAT1, CAT2, CAT3 of O'Flaherty]. 

As per Claim 5 , O'Flaherty-Wong combination teaches, 

wherein the explicit clearance system comprises a mechanism for requiring explicit permission to 
an area of data [see FIG.5; METADATA MONITORING EXTENSIONS 114 in FIG.1; ACCESS LOG 402 
in FIG.4; and for example, col.4, lines 37-60 of O'Flaherty], and wherein a user is granted permission to 
the area of data only if explicit permission has been granted [see for example, col. 2, lines 57-67 of 
O'Flaherty, "... a database management system, for storing and retrieving data from a plurality of 
database tables wherein the data in the database tables is controllably accessible according to 
privacy parameters stored in the database table, ... and controlling access to the data within the 
database tables according to the privacy parameters, and ...for validating enforcement of the data 
privacy parameters in the database management system"]. 
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As per Claim 7 , O'Flaherty-Wong combination teaches, 

wherein the explicit clearance system comprises: an explicit areas table that defines all areas of 
data that require explicit clearance [see FIG.5; METADATA MONITORING EXTENSIONS 114 in FIG.1; 
ACCESS LOG 402 in FIG.4; and for example, col.4, lines 37-60 of O'Flaherty]; and a set of ID tables that 
define those users who have explicit clearance for each of the areas requiring explicit permission [see 
CUSTOMER TABLES in FIGS.2A-3C of O'Flaherty]. 

Claims 13 and 18 are rejected for the same reasons applied to the rejection of Claim 7. 

As per Claims 8 and 9 , O'Flaherty-Wong combination teaches, 

wherein the field level clearance system controls access to data types by restricting a user to a 
predefined view [see FIG.8; PRIVILEGED VIEW 262 - PRIVILEGED APPLIACTIONS 110B in FIG.2A; 
and for example, col. 8, line 46 to col. 9, line 14 of O'Flaherty], wherein the predefined view displays a 
predetermined set of data fields; and wherein the field level clearance system includes a set of data type 
tables that dictates data types available to each of a plurality of users [see FIGS.2A-3C of O'Flaherty]. 

As per Claims 10 and 11 , O'Flaherty-Wong combination teaches, 

wherein the anonimization system provides a mechanism for replacing a data element in a data 
record with a unique identifier in order to keep the data record anonymous; and a reference table for each 
data field that is to be kept anonymous, wherein each reference table includes a list of anonimized data 
elements and an associated unique identifier; and a mechanism for generating a new unique identifier for 
a data element that does not exist in the list of anonimized data elements [see OPT-OUT VIEW 266 in 
FIG.2B and FIGS.3C and 1 1 -where O'Flaherty discloses anonimization techniques and plurality of 
viewing modes]. 

Claims 16 and 21 are rejected for the same reasons applied to the rejection of Claim 1 1 . 
As per Claim 14 , O'Flaherty-Wong combination teaches, 
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wherein the means for requiring the user to meet any one of a set of implicit conditions comprises 
means for storing a set of acceptable user ID's for each of the implicit conditions [see CUSTOMER 
TABLES in FIGS.2A-3C - where O'Flaherty discloses ID's; e.g., ACCT NO. associated with filters 210, 
212, SECURITY INFORMATION - CAT1, CAT2, CAT3 of O'Flaherty]. 

Claim 19 is rejected for the same reasons applied to the rejection of Claim 14. 

As per Claim 15 , O'Flaherty-Wong combination teaches, 

wherein the means for limiting access to a data record includes means for associating each of a 
plurality of users with one of the predefined views [see STANDARD-PREVILEGED-ANONYMIZED- 
OPTOUT VIEWS in FIGS.2A-3A, 3C and 11 of O'Flaherty]. 

Claim 20 is rejected for the same reasons applied to the rejection of Claim 15. 

(10) Response to Argument 

Applicant argued that Claims 1-21 are not obvious over O'Flaherty in view of Wong. 

Applicant is not disputing that the primary reference (O'Flaherty) discloses the claim features; i.e., 
applicant admits that O'Flaherty discloses implicit clearance system; explicit clearance system; field level 
clearance system; and a data anonimization system. In addition, applicant is not disputing that the 
secondary reference (Wong) discloses "an administrator configuration." Thus, applicant is only arguing 
that, "incorporating the secondary reference, Wong, will render the primary reference, O'Flaherty, 
inoperative". 

Examiner respectfully disagrees with applicant's argument, and points out that: 
(a) As explained below, applicant's argument presented in the brief contains self contradictory 
statements. For example, regarding the invention, applicant stated that, "... these [the claimed] limitations 
require that an administrator configure the explicit and implicit or field level clearance systems. A client or 
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consumer is prohibited from configuring such a system " [1 st paragraph of ARGUMENTS section (page 
4)]. Then, applicant turns back and argued that, "The combination proposed by the Office would deny the 
consumer in O'Flaherty the right to specify data sharing preferences, as the administrator would configure 
access to the data, not the consumer or client [page 5, lines 13-15]. In other words, applicant is admitting 
that the modified system of O'Flaherty combined with Wong functions exactly in the same way as recited 
in the claimed invention, because modified O'Flaherty allows the administrator, not the client, to 
configure access to the data as applicant clearly recognized above. 

(b) The purpose of O'Flaherty is not "to allow a consumer to specify when and under which 
circumstances personal information may be retained or shared with or sold to others" as indicated by 
applicant's argument. This is a carefully selected single portion (col. 5, lines 20-22) of O'Flaherty that is 
intended to support applicant's argument. Rather, O'Flaherty discloses its main purpose as ''managing 
data privacy in a database management system" [abstract]; such that, the database management system 
" . . . provides all the advantages of a complete data warehousing system, while addressing the privacy 
concerns of the consumer" (col. 2, lines 41-50). In other words, O'Flaherty does not in any way suggest 
prohibiting the administrator from configuring its database management system. 

Therefore, examiner respectfully asserts that the combining Wong to O'Flaherty does not make 
the primary reference unworkable; and additionally, a person of ordinary skill in the art could recognize 
that Claims 1-21 are obvious over O'Flaherty in view of Wong. 

(11) Related Proceeding(s) Appendix 

No decision rendered by a court or the Board is identified by the examiner in the Related Appeals 
and Interferences section of this examiner's answer. 



For the above reasons, it is believed that the rejections should be sustained. 
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This examiner's answer contains a new ground of rejection set forth in section (9) above. 
Accordingly, appellant must within TWO MONTHS from the date of this answer exercise one of the 
following two options to avoid sua sponte dismissal of the appeal as to the claims subject to the new 
ground of rejection: 

(1) Reopen prosecution. Request that prosecution be reopened before the primary examiner by 
filing a reply under 37 CFR 1.111 with or without amendment, affidavit or other evidence. Any 
amendment, affidavit or other evidence must be relevant to the new grounds of rejection. A request that 
complies with 37 CFR 41.39(b)(1) will be entered and considered. Any request that prosecution be 
reopened will be treated as a request to withdraw the appeal. 

(2) Maintain appeal. Request that the appeal be maintained by filing a reply brief as set forth in 
37 CFR 41 .41 . Such a reply brief must address each new ground of rejection as set forth in 37 CFR 

41 .37(c)(1 )(vii) and should be in compliance with the other requirements of 37 CFR 41 .37(c). If a reply 
brief filed pursuant to 37 CFR 41 .39(b)(2) is accompanied by any amendment, affidavit or other evidence, 
it shall be treated as a request that prosecution be reopened before the primary examiner under 37 CFR 
41.39(b)(1). 

Extensions of time under 37 CFR 1.136(a) are not applicable to the TWO MONTH time period set 
forth above. See 37 CFR 1.136(b) for extensions of time to reply for patent applications and 37 CFR 
1 .550(c) for extensions of time to reply for ex parte reexamination proceedings. 

Respectfully submitted, 
/Amare Tabor/ 
Examiner, Art Unit 2439 
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A Technology Center Director or designee must personally approve the 
new ground(s) of rejection set forth in section (9) above by signing below: 

/Timothy P Callahan/ 

Director, Technology Center 2400 



Conferees: 
Kambiz Zand 
/Kambiz Zand/ 

Supervisory Patent Examiner, Art Unit 2434 
Christopher Brown 
/Christopher J Brown/ 
Primary Examiner, Art Unit 2434 



